Our organization's security policies impose several constraints on password changes. There is a complexity requirement, and a ban on reuse of old passwords. I've gotten all of these requirements worked into the 389 server, but when the constraints aren't met, the error message is very misleading and opaque:
Password change failed. Server message: Failed to update password
passwd: Authentication token is no longer valid; new one required
This results in a lot of support requests about the inability to change passwords. Is there any way to make the error messages a little more descriptive? We're using pam_sss and sssd on Centos 7.x.
Thanks,
-- Mitch
No comments:
Post a Comment